Policy Engine For Cinder
Verifies that the action is valid on the target in this context.
context – cinder context
action – string representing the action to be checked
this should be colon separated for clarity.
i.e. compute:create_instance
,
compute:attach_volume
,
volume:attach_volume
target – dictionary representing the object of the action for object
creation this should be a dictionary representing the
location of the object e.g.
{'project_id': context.project_id}
do_raise – if True (the default), raises PolicyNotAuthorized; if False, returns False
exc – Class of the exception to raise if the check fails.
Any remaining arguments passed to authorize()
(both
positional and keyword arguments) will be passed to
the exception class. If not specified,
PolicyNotAuthorized
will be used.
cinder.exception.PolicyNotAuthorized – if verification fails and do_raise is True. Or if ‘exc’ is specified it will raise an exception of that type.
returns a non-False value (not necessarily “True”) if authorized, and the exact value False if not authorized and do_raise is False.
Whether or not user is admin according to policy setting.
Verifies that the action is valid on the target in this context.
context – cinder context
action – string representing the action to be checked
this should be colon separated for clarity.
i.e. compute:create_instance
,
compute:attach_volume
,
volume:attach_volume
target – dictionary representing the object of the action for object
creation this should be a dictionary representing the
location of the object e.g.
{'project_id': context.project_id}
PolicyNotAuthorized – if verification fails.
Init an Enforcer class.
use_conf – Whether to load rules from config file.
Set rules based on the provided dict of rules.
rules – New rules to use. It should be an instance of dict.
overwrite – Whether to overwrite current rules or update them with the new rules.
use_conf – Whether to reload rules from config file.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.